What is hacking? To me, the act of hacking is the tinkering, studying, analyzing, learning, exploring and experimenting. Not just computers, but anything. One of the great outcomes of this activity is discovering ways to make the object of your attention bend to your will for your benefit, under your control. An accountant who discovers a new tax loophole can be considered a hacker. Throughout time, the tinkerers, thinkers, scholars and scientists who created things like the wheel, lever and fulcrum, capacitor, inductor, polio vaccine, the light bulb, batteries, phone, radio, airplane, and of course the computer, in a sense, were all hackers. All of the individuals behind most every great invention had a relentless pursuit to bend the will of whatever force they could leverage to a desired outcome. Very few innovations were created by accident, and even if the result of an accident was the inspiration, a great degree of tinkering, studying, analyzing, learning, exploring and experimenting was most certainly necessary to obtain or perfect the desired goal. Most great innovations came from an almost unnatural amount of tinkering, studying, analyzing, learning, exploring and tinkering … or hacking.
The act of hacking, when applied to computer security, typically results in making the object of your desire (in this case, usually a computer) bend to your will. The act of hacking when applied to computers, just like anything else, requires tenacity, intense focus, attention to detail, keen observation, and the ability to cross-reference a great deal of information. Oh, and thinking “outside of the box” definitely helps.
In this book, we aim to describe how to make a computer bend to your will by finding and exploiting vulnerabilities specifically in Web Applications. We will describe common security issues in web applications, tell you how to find them, describe how to exploit them, and then tell you how to fix them. We will also cover how and why some hackers (the bad guys) will try to exploit these vulnerabilities to achieve their own end. We will also try to explain how to detect if hackers are actively trying to exploit vulnerabilities in your own web applications.
In this book, the examples will begin by teaching how to find vulnerabilities using “Black Box” methods (where the user does not have the source code, documentation or web server logs for the application). Once the black box methods have been described, source code and audit trail methods of discovering vulnerabilities will also be mentioned.
Total Chapters: 7